HELP! I HAS MALWARE! I NEEDS HELP ASAP! DX

Started by KrystalizedKiss, March 26, 2011, 03:04:51 AM


KrystalizedKiss

HELP! I have no idea what I can do to get rid of this malware! It won't let me go onto google, or any other sites that were just fine. Like Facebook, youtube, tumblr, etc. The only sites that it'll let me go onto to browse are sites like MSN, Gmail, my bank account, and other stuff! I didn't log onto them because I'm afraid something is going to happen if I do!

The malware is calling itself "Win 7 Anti-virus 2011" and it appears every time I try to browse the internet. I'm trying to use Firefox, Opera, and even regular Internet Explorer isn't working!

I've even tried running my computer in safe mode with networking to try to download other anti-viruses, but it's not working!

Please! Help me! I'm desperate! -cries-
[ ~ My Plotting Corner! ~ ]
My O/O's | My A/A's
Status: Busy! Will try posting once every week to every other week at the current moment.
"Expectations can often exceed reality."
RP's Active: ?

Stattick

If you can click the following link, there are detailed instructions as to how to remove this particular infection. Let me know if you cannot follow the link.

http://www.bleepingcomputer.com/virus-removal/remove-win-7-antispyware-2011
O/O   A/A


Stattick

Did you try it in Safe Mode w/ Networking?

If you can't navigate to the link by clicking on it, can you type the URL into the location bar in your browser?

KrystalizedKiss

Eep! It seems to work when I type it in myself, but for the site, I'd have to click "Read the full entry ..." But I can't as it also takes me into that blocked portion! And I can't see the full link to try to type it in myself!

And yes, as I've already stated, I am running on safe mode with networking.

KrystalizedKiss

And also, there seem to be many of these "anti-virus" programs, I'm not sure which one is the right one!

Stattick

Ok, let me post some of the instructions from the site above to get you started:


  • Print out these instructions as we may need to close every window that is open later in the fix.

  • It is possible that the infection you are trying to remove will not allow you to download files on the infected computer. If this is the case, then you will need to download the files requested in this guide on another computer and then transfer them to the infected computer. You can transfer the files via a CD/DVD, external drive, or USB flash drive.

  • Before we can do anything we must first end the processes that belong to XP Internet Security, Vista Antimalware 2011, and Win 7 Antispyware 2011 so that it does not interfere with the cleaning procedure. To do this, please download RKill to your desktop from the following link.

    RKill Download Link: http://www.bleepingcomputer.com/download/anti-virus/rkill

    When at the download page, click on the Download Now button labeled iExplore.exe download link. When you are prompted where to save it, please save it on your desktop.

  • Once it is downloaded, double-click on the iExplore.exe icon in order to automatically attempt to stop any processes associated with XP Internet Security, Vista Antimalware 2011, and Win 7 Antispyware 2011 and other Rogue programs. Please be patient while the program looks for various malware programs and ends them. When it has finished, the black window will automatically close and you can continue with the next step. If you get a message that RKill is an infection, do not be concerned. This message is just a fake warning given by XP Internet Security, Vista Antimalware 2011, and Win 7 Antispyware 2011 when it terminates programs that may potentially remove it. If you run into these infection warnings that close RKill, a trick is to leave the warning on the screen and then run RKill again. By not closing the warning, this typically will allow you to bypass the malware trying to protect itself so that RKill can terminate XP Internet Security, Vista Antimalware 2011, and Win 7 Antispyware 2011. So, please try running RKill until the malware is no longer running. You will then be able to proceed with the rest of the guide. If you continue having problems running RKill, you can download the other renamed versions of RKill from the rkill download page (http://www.bleepingcomputer.com/download/anti-virus/rkill). All of the files are renamed copies of RKill, which you can try instead. Please note that the download page will open in a new browser window or tab.

    Do not reboot your computer after running RKill as the malware programs will start again.

  • Now you should download Malwarebytes' Anti-Malware, or MBAM, from the following location and save it to your desktop:

    Malwarebytes' Anti-Malware Download Link: http://www.malwarebytes.org/mbam.php


  • Once downloaded, close all programs and Windows on your computer, including this one.

  • Double-click on the icon on your desktop named mbam-setup.exe. This will start the installation of MBAM onto your computer.

  • When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure you leave both the Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware checked. Then click on the Finish button. If MalwareBytes' prompts you to reboot, please do not do so.

  • MBAM will now automatically start and you will see a message stating that you should update the program before performing a scan. As MBAM will automatically update itself after the install, you can press the OK button to close that box and you will now be at the main program as shown below.



  • On the Scanner tab, make sure the Perform full scan option is selected and then click on the Scan button to start scanning your computer for XP Internet Security, Vista Antimalware 2011, and Win 7 Antispyware 2011 related files.

  • MBAM will now start scanning your computer for malware. This process can take quite a while, so we suggest you go and do something else and periodically check on the status of the scan. When MBAM is scanning it will look like the image below.


  • When the scan is finished a message box will appear as shown in the image below.




    You should click on the OK button to close the message box and continue with the Win 7 Security, Vista Security 2011, and XP Antispyware 2011 removal process.

  • You will now be back at the main Scanner screen. At this point you should click on the Show Results button.

  • A screen displaying all the malware that the program found will be shown as seen in the image below. Please note that the infections found may be different than what is shown in the image.



    You should now click on the Remove Selected button to remove all the listed malware. MBAM will now delete all of the files and registry keys and add them to the program's quarantine. When removing the files, MBAM may require a reboot in order to remove some of them. If it displays a message stating that it needs to reboot, please allow it to do so. Once your computer has rebooted, and you are logged in, please continue with the rest of the steps.

  • When MBAM has finished removing the malware, it will open the scan log and display it in Notepad. Review the log as desired, and then close the Notepad window.

  • You can now exit the MBAM program.

  • As many rogues and other malware are installed through vulnerabilities found in out-dated and insecure programs, it is strongly suggested that you use Secunia PSI to scan for vulnerable programs on your computer. A tutorial on how to use Secunia PSI to scan for vulnerable programs can be found here:


How to detect vulnerable and out-dated programs using Secunia Personal Software Inspector

Limoncello

This looks really interesting. Do you mind if I take this process from you? This will benefit me a lot. Not myself, but for other users that run into this problem.

Being on a help desk it would be nice to have multiple solutions to solve the same problem.
Cello Ons and Offs Work in process
Absence  Updated 12/8/2011

Currently accepting rps. Currently updating Ons and Offs. Message me for any ideas you may have or want to try.

Ferret

We use the Malwarebytes program a lot at work; it works heavenly against malware.

If for some reason the program won't install, it's because the infection is preventing it. Rename the icon to 'virus' and the infection will let it pass.
Shiny Collection: 19


Haibane

Malwarebytes is THE single most effective tool I know to combat pretty much EVERYTHING. It has saved me on at least 3 occasions. Vekseid links to it in his 'Notes for a Healthy Computer' post. Really, everyone should use it; it's amazing.

To the original poster - if you can get to another computer (such as a friend, school or a library) and download Malwarebytes to a flash drive (and get any updates it needs), you should then be able to install it to your infected PC in safe mode.

Stattick

Quote from: Limoncello on March 26, 2011, 07:40:30 AM
This looks really interesting. Do you mind if I take this process from you? This will benefit me a lot. Not myself, but for other users that run into this problem.

Being on a help desk it would be nice to have multiple solutions to solve the same problem.

Well, that was sorta rewritten from this: http://www.bleepingcomputer.com/virus-removal/remove-win-7-antispyware-2011

Bleeping computer has a number of tutorials on how to get rid of various, nasty, malware infections and a number of other useful articles. It's a good site.



In addition to Malwarebytes, I also highly recommend Superantispyware. http://www.superantispyware.com/

I've had occasions where Malwarebytes wouldn't run, and Superantispyware would. I've had occasions where Malwarebytes missed some stuff that Superantispyware found (and vice versa). They're both really competitive with each other, in terms of who comes out with the malware fixes first. The other thing that I like about Superantispyware, is that since it's not super famous, that a lot of malware that's designed to specifically disable or sneak past Malwarebytes, has not been designed to disable or sneak past Superantispyware.

In terms of protection, no product on the market is perfect. Although it's not advisable to have more than one anti-virus program running, I've never had a problem with running multiple anti-malware programs. The two I trust the most are Malwarebytes and Superantispyware. I do... did (wait, my computer's dead) also have Spybot loaded up (w/o Teatimer), but I only used it for immunizations and stuff like that. After that time where it destroyed my Operating System, I no longer use Spybot to clean malware off of my system.

Scott

Just my .02, but Veks recommended the ESET, and I followed his advice. It's been about a year and I've been attacked a few times, and this thing just stops them dead in their tracks. I recommend it highly. Good luck getting your comp back up and running.

Pandoras Kitten

I have a clean rescue thumbdrive with all the useful antimalware and trojan killer apps that I use to well, rescue downed computers.

When scanning for malware, viruses, trojans, rootkits, etc, it helps to boot up in safe mode with no internet access, in order to quarantine the infection. If malware were edible I'd create a feast out of my contaminated office computers (due to colleagues' web surfing with no firewall and antimalware).
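
An added example, not part of any post in this thread: several replies rely on carrying tools to the infected PC on a flash drive, so this sketch records a SHA-256 manifest of the drive on the clean machine and later reports anything that changed once the drive has been in an infected one. The function names are hypothetical, the file names `iExplore.exe` and `mbam-setup.exe` are taken from the instructions above, and the file contents and the `autorun.inf` entry are constructed sample data.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_file(path, chunk_size=1 << 20):
    """Hash a file in chunks so large installers do not need to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for block in iter(lambda: handle.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()


def build_manifest(root):
    """Map each file's drive-relative path to its SHA-256."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def compare(trusted, root):
    """Diff the drive against a manifest that was stored off the drive."""
    current = build_manifest(root)
    return {
        "modified": sorted(n for n in trusted
                           if n in current and current[n] != trusted[n]),
        "missing": sorted(n for n in trusted if n not in current),
        "added": sorted(n for n in current if n not in trusted),
    }


def demo():
    """Constructed sample: stand-in tool files, then simulated tampering."""
    with tempfile.TemporaryDirectory() as drive:
        root = Path(drive)
        (root / "rkill").mkdir()
        (root / "rkill" / "iExplore.exe").write_bytes(b"constructed rkill bytes")
        (root / "mbam-setup.exe").write_bytes(b"constructed installer bytes")
        trusted = build_manifest(root)  # taken on the clean machine
        # Simulate the drive's state after it was used on an infected PC.
        (root / "mbam-setup.exe").write_bytes(b"constructed installer bytes + extra")
        (root / "autorun.inf").write_text("[autorun]\n")
        return compare(trusted, root)


if __name__ == "__main__":
    for kind, names in demo().items():
        print(kind, names)
```

Keep the trusted manifest somewhere other than the drive itself, and run the comparison on the clean machine, since results produced on the infected PC cannot be relied on.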